I've had this problem for some time: an antispyware program keeps attacking me. When you click on it, the program starts downloading. I downloaded it once and a scan started, which showed that I have some viruses, although when I scanned with NOD they weren't there. Then I read on the net that this is how fake programs show up. Once you install it, it creates viruses itself and then finds them, and then you have to register and pay, which is out of the question. So I just don't know how to get rid of it so that it stops popping up???
I don't know. I think my computer is abnormal: some programs wouldn't open at all after I downloaded them, and the ones that did open ran fine, except SmitFraudFix: when the scan started, at some point the computer restarted. The ones that ran fine didn't accomplish anything anyway; it's still there
What about ComboFix? Install it and post the logs.
that one won't start for me; I click and click and nothing happens
Rename it from combofix to anything else and try again
Use Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html and show the log
unfortunately, at some point during the scan the computer restarts. I don't know what to do about it; it's annoying me more and more
Download System Repair Engineer
http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html
scan and post the log
nta, does a bluescreen appear then? Look carefully, because it will be visible only very briefly.
I managed to run a scan with System Repair Engineer
and here is the log:
2008-11-10,13:08:28
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
API HOOK
Hidden Process
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[STMicroelectronics]
[France Télécom R&D]
[File is missing]
<"C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot> [File is missing]
<"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<"E:\NOD\egui.exe" /hide /waitservice> [(Verified)"ESET, spol. s r.o."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
[(Verified)Microsoft Windows Publisher]
==================================
Startup Folders
[Adobe Reader Speed Launch]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]>
[Uruchom przeglądarkę ACDSee]
C:\PROGRA~1\ACDSYS~1\ACDSee\9.0\ACDSee9.exe [ACD Systems Ltd.]>
==================================
Services
[Ares Chatroom server / AresChatServer][Stopped/Manual Start]
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
[Eset Service / ekrn][Running/Auto Start]
[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[NOD32 Kernel Service / NOD32krn][Stopped/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><(File is missing)>
==================================
Drivers
[eamon / eamon][Running/Auto Start]
[easdrv / easdrv][Running/System Start]
[epfwtdir / epfwtdir][Running/System Start]
[MBAMSwissArmy / MBAMSwissArmy][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys>
[nv / nv][Running/Manual Start]
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS>
[Padus ASPI Shell / pfc][Running/Manual Start]
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys>
[Secdrv / Secdrv][Stopped/Manual Start]
[ATM/ADSL miniport / Stmatm][Running/Manual Start]
[ADSL Modem USB Service / TaurusUsb][Running/Manual Start]
<>
[Kontroler VIA AC'97 Audio (WDM) / VIAudio][Running/Manual Start]
==================================
Browser Add-ons
[Ask Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}
[Java Plug-in 1.4.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in 1.4.0_03]
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[AskBar BHO]
{201F27D4-3704-41D6-89C1-AA35E39143ED}
[]
{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
==================================
Running Processes
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1684, C:\PROGRA~1\NEOSTR~1\TASKBARICON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1476, C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1516, C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1912, C:\PROGRA~1\NEOSTR~1\TOASTER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1156, C:\PROGRA~1\NEOSTR~1\INACTIVITY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1904, C:\PROGRA~1\NEOSTR~1\POLLINGMODULE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 120, C:\WINDOWS\SYSTEM32\ALERTM~1\ALERTM~1.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1140, C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2172, D:\ZOGRAMY\EVIL PLAYER\EVIL_PLAYER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2256, C:\DOCUMENTS AND SETTINGS\NTA52\PULPIT\USDOWNLOADER\USDOWNLOADER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2312, D:\ZOGRAMY\OPERA\OPERA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3392, C:\DOCUMENTS AND SETTINGS\NTA52\PULPIT\SRENGLDR.EXE]
==================================
Scheduled Tasks
N/A
==================================
API HOOK
N/A
==================================
Hidden Process
[1664] C:\WINDOWS\system32\brastk.exe
==================================
oh, and a message also pops up saying that this is AppInit_DLLs, only it can't be removed
Why did you give up the fight to get ComboFix running?
Download it from a different site, and if necessary disable your antivirus program for the duration of the scan.
And post the logs.
run System Repair Engineer, System Repair tab >> Browser Add-ons >> find and remove
Open Notepad and paste
save as plik.reg >> all files >> merge with the registry >> restart
a file with this icon will be created
which you double-click, confirm that you want to add it to the registry, then restart
Download and run The Avenger tool. Select the text given for removal on the forum,
copy it, click Paste Script from Clipboard, then Execute. Confirm and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum
scan with Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 … It!+4.44.5
Use Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html quick scan - if it finds anything, remove it - show the log
then try to do a full Malware scan
ak6,
it can't be done: when I started ComboFix it does scan, but at some point the computer restarts, somewhere around stage 50.
Leon$,
everything went well up to a point, everything was OK up to installing The Avenger and making the log, that went easily:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\brastk.exe" deleted successfully.
File "C:\WINDOWS\system32\karna.dat" deleted successfully.
Error: folder "C:\Program Files\AskBarDis" not found!
Deletion of folder "C:\Program Files\AskBarDis" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
after that it got worse: I installed Dr.WEB CureIt!, the scan started and the computer restarted.
I started Malwarebytes’ Anti-Malware, it was scanning and at some point it restarted too.
The scan never ran to completion, and in the case of Dr.WEB CureIt! it didn't even start!
Why does it keep restarting?
If you can get into safe mode, do it in safe mode
here is another program you can scan with
Download the SDFix program
In that case maybe you should try this:
http://www.searchengines.pl/Bootowalne- … 12329.html
Besides that, check the temperature of the components, e.g. with Everest, and the power supply voltages.
eh, I forgot about safe mode. I've finally got rid of it. Thanks for the help!